PT-2022-11956 · Atlassian · Crucible, Fisheye

Published: 2022-03-16 · Updated: 2024-10-07 · CVE-2021-43958

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Fisheye and Crucible versions prior to 4.8.9

Description: The vulnerability allows a remote, unauthenticated attacker to brute-force user login credentials because excessive authentication attempts are not properly restricted. The web login flow counts failed logins per user and, once the configured maximum is exceeded, requires a CAPTCHA to be solved in addition to the credentials. The REST resources performed the same credential check but never consulted that failed-login limit, so password guesses sent to the REST endpoints were never challenged with a CAPTCHA and the lockout could be bypassed entirely.

Recommendations: For versions prior to 4.8.9, update to version 4.8.9 or later to resolve the issue. As a temporary workaround, restrict network access to the REST resources (for example, to trusted hosts only) to reduce the attack surface. Additionally, consider enforcing limits on failed authentication attempts at a layer every login path shares, such as temporarily locking out an account or rate-limiting by source address after a certain number of failures, and monitor authentication logs for high-volume failed logins against the REST endpoints.
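The following is an added example, not Atlassian's code, that models the design flaw described above: a web login handler that enforces the CAPTCHA-after-N-failures gate, a REST login handler in the same application that runs the identical credential check but never consults the failure counter, and the hardened layout in which both entry points call one shared authenticate() routine. The threshold (MAX_FAILED), the user store, the wordlist and the low PBKDF2 round count are assumptions made to keep the demo self-contained; the real product's limits and storage differ.

```python
"""Simulated brute force against two login entry points of one application.

Added example (not Atlassian code). Shows why a failed-login/CAPTCHA gate
enforced only in the web form handler leaves a REST login path open, and
the fix of moving the check into the shared authentication routine.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MAX_FAILED = 3          # assumed threshold; the real product's limit is configurable
PBKDF2_ROUNDS = 10_000  # kept low so the demo runs fast; use far more in production


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class User:
    salt: bytes
    pw_hash: bytes
    failed: int = 0     # consecutive failed logins


class UserStore:
    def __init__(self) -> None:
        self.users: dict[str, User] = {}

    def add(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[name] = User(salt, _hash(password, salt))

    def check_password(self, name: str, password: str) -> bool:
        """Verify credentials and update the failure counter. Deliberately does
        NOT consult the counter: that is left to the caller, which is exactly
        the design flaw the advisory describes."""
        user = self.users.get(name)
        if user is None:
            return False
        ok = hmac.compare_digest(_hash(password, user.salt), user.pw_hash)
        user.failed = 0 if ok else user.failed + 1
        return ok

    def captcha_required(self, name: str) -> bool:
        user = self.users.get(name)
        return user is not None and user.failed >= MAX_FAILED


# --- Vulnerable layout: the gate lives only in the web form handler ---------
def web_login_vulnerable(store, name, password, captcha_solved=False):
    if store.captcha_required(name) and not captcha_solved:
        return "captcha_required"
    return "ok" if store.check_password(name, password) else "bad_credentials"


def rest_login_vulnerable(store, name, password):
    # Same credential check, but nobody asks whether the account is over the limit.
    return "ok" if store.check_password(name, password) else "bad_credentials"


# --- Hardened layout: one authenticate() that every entry point must use ----
def authenticate(store, name, password, captcha_solved=False):
    if store.captcha_required(name) and not captcha_solved:
        return "captcha_required"
    return "ok" if store.check_password(name, password) else "bad_credentials"


def web_login_fixed(store, name, password, captcha_solved=False):
    return authenticate(store, name, password, captcha_solved)


def rest_login_fixed(store, name, password):
    # REST clients cannot solve a CAPTCHA, so past the limit they are simply refused.
    return authenticate(store, name, password, captcha_solved=False)


# Constructed attacker wordlist; the last entry is the victim's real password.
WORDLIST = ["password", "letmein", "123456", "qwerty", "hunter2"]


def run_attack(login) -> tuple[str, int]:
    """Feed WORDLIST to a login callable until it returns something other
    than bad_credentials. Returns (final_result, guesses_sent)."""
    for n, guess in enumerate(WORDLIST, start=1):
        result = login(guess)
        if result != "bad_credentials":
            return result, n
    return "exhausted", len(WORDLIST)


def attack(entry_point) -> tuple[str, int]:
    """Run the wordlist against one entry point on a fresh store (counter at zero)."""
    store = UserStore()
    store.add("alice", "hunter2")
    return run_attack(lambda pw: entry_point(store, "alice", pw))


if __name__ == "__main__":
    for label, fn in [("web   (vulnerable build)", web_login_vulnerable),
                      ("REST  (vulnerable build)", rest_login_vulnerable),
                      ("REST  (fixed build)", rest_login_fixed)]:
        print(f"{label} -> {attack(fn)}")
```

On the vulnerable build the web form stops the attacker after MAX_FAILED guesses with `captcha_required`, while the REST path keeps answering `bad_credentials` until the real password is found. On the fixed build the REST path is refused at the same point as the form; the legitimate owner can still log in through the form by solving the CAPTCHA, which also resets the counter on success. The general lesson is that any throttling decision must live in the code every entry point shares, and a quick audit is to list every handler that reaches the credential check and confirm each one passes through the gate.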

Fix

Fixed in Fisheye and Crucible 4.8.9.

Weakness Enumeration

CWE-307: Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2021-43958

Affected Products

Crucible
Fisheye